5 Author: Pekka Riikonen <priikone@poseidon.pspt.fi>
7 Copyright (C) 1997 - 2001 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
30 SILC_TASK_CALLBACK(silc_server_protocol_rekey);
32 extern char *silc_version_string;
35 * Key Exhange protocol functions
38 /* Packet sending callback. This function is provided as packet sending
39 routine to the Key Exchange functions. */
41 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
46 SilcProtocol protocol = (SilcProtocol)context;
47 SilcServerKEInternalContext *ctx =
48 (SilcServerKEInternalContext *)protocol->context;
49 SilcServer server = (SilcServer)ctx->server;
51 /* Send the packet immediately */
52 silc_server_packet_send(server, ske->sock,
53 type, 0, packet->data, packet->len, TRUE);
56 /* Sets the negotiated key material into use for particular connection. */
58 int silc_server_protocol_ke_set_keys(SilcSKE ske,
59 SilcSocketConnection sock,
60 SilcSKEKeyMaterial *keymat,
65 SilcSKEDiffieHellmanGroup group,
68 SilcUnknownEntry conn_data;
71 SILC_LOG_DEBUG(("Setting new key into use"));
73 conn_data = silc_calloc(1, sizeof(*conn_data));
74 idata = (SilcIDListData)conn_data;
76 /* Allocate cipher to be used in the communication */
77 if (!silc_cipher_alloc(cipher->cipher->name, &idata->send_key)) {
81 if (!silc_cipher_alloc(cipher->cipher->name, &idata->receive_key)) {
86 if (is_responder == TRUE) {
87 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
89 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
90 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
92 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
94 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
96 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
97 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
99 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
102 idata->rekey = silc_calloc(1, sizeof(*idata->rekey));
103 idata->rekey->send_enc_key =
104 silc_calloc(keymat->enc_key_len / 8,
105 sizeof(*idata->rekey->send_enc_key));
106 memcpy(idata->rekey->send_enc_key,
107 keymat->send_enc_key, keymat->enc_key_len / 8);
108 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
110 if (ske->start_payload->flags & SILC_SKE_SP_FLAG_PFS)
111 idata->rekey->pfs = TRUE;
112 idata->rekey->ske_group = silc_ske_group_get_number(group);
114 /* Save the remote host's public key */
115 silc_pkcs_public_key_decode(ske->ke1_payload->pk_data,
116 ske->ke1_payload->pk_len, &idata->public_key);
119 if (!silc_hash_alloc(hash->hash->name, &idata->hash)) {
120 silc_cipher_free(idata->send_key);
121 silc_cipher_free(idata->receive_key);
122 silc_free(conn_data);
126 /* Save HMAC key to be used in the communication. */
127 if (!silc_hmac_alloc(hmac->hmac->name, NULL, &idata->hmac_send)) {
128 silc_cipher_free(idata->send_key);
129 silc_cipher_free(idata->receive_key);
130 silc_hash_free(idata->hash);
131 silc_free(conn_data);
134 silc_hmac_set_key(idata->hmac_send, keymat->hmac_key, keymat->hmac_key_len);
135 idata->hmac_receive = idata->hmac_send;
137 sock->user_data = (void *)conn_data;
142 /* Check remote host version string */
144 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
147 SilcSKEStatus status = SILC_SKE_STATUS_OK;
149 int maj = 0, min = 0, build = 0, maj2, min2, build2;
151 SILC_LOG_INFO(("%s (%s) is version %s", ske->sock->hostname,
152 ske->sock->ip, version));
154 /* Check for initial version string */
155 if (!strstr(version, "SILC-1.0-"))
156 status = SILC_SKE_STATUS_BAD_VERSION;
158 /* Check software version */
160 if (len < strlen(silc_version_string))
161 status = SILC_SKE_STATUS_BAD_VERSION;
165 cp = strchr(cp, '.');
170 cp = strchr(cp, '.');
172 build = atoi(cp + 1);
174 cp = silc_version_string + 9;
176 cp = strchr(cp, '.');
181 cp = strchr(cp, '.');
183 build2 = atoi(cp + 1);
186 status = SILC_SKE_STATUS_BAD_VERSION;
189 status = SILC_SKE_STATUS_BAD_VERSION;
195 /* Performs key exchange protocol. This is used for both initiator
196 and responder key exchange. This is performed always when accepting
197 new connection to the server. This may be called recursively. */
199 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
201 SilcProtocol protocol = (SilcProtocol)context;
202 SilcServerKEInternalContext *ctx =
203 (SilcServerKEInternalContext *)protocol->context;
204 SilcServer server = (SilcServer)ctx->server;
205 SilcSKEStatus status = 0;
207 SILC_LOG_DEBUG(("Start"));
209 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
210 protocol->state = SILC_PROTOCOL_STATE_START;
212 SILC_LOG_DEBUG(("State=%d", protocol->state));
214 switch(protocol->state) {
215 case SILC_PROTOCOL_STATE_START:
222 /* Allocate Key Exchange object */
223 ske = silc_ske_alloc();
225 ske->rng = server->rng;
227 if (ctx->responder == TRUE) {
228 /* Start the key exchange by processing the received security
229 properties packet from initiator. */
230 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
232 ctx->packet->buffer, FALSE,
235 SilcSKEStartPayload *start_payload;
237 /* Assemble security properties. */
238 silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_NONE,
242 /* Start the key exchange by sending our security properties
243 to the remote end. */
244 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
246 silc_server_protocol_ke_send_packet,
250 if (status != SILC_SKE_STATUS_OK) {
251 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
253 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
256 protocol->state = SILC_PROTOCOL_STATE_ERROR;
257 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
261 /* Advance protocol state and call the next state if we are responder */
263 if (ctx->responder == TRUE)
264 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
272 if (ctx->responder == TRUE) {
273 /* Sends the selected security properties to the initiator. */
275 silc_ske_responder_phase_1(ctx->ske,
276 ctx->ske->start_payload,
277 silc_server_protocol_ke_send_packet,
280 /* Call Phase-1 function. This processes the Key Exchange Start
281 paylaod reply we just got from the responder. The callback
282 function will receive the processed payload where we will
284 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer,
288 if (status != SILC_SKE_STATUS_OK) {
289 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
291 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
294 protocol->state = SILC_PROTOCOL_STATE_ERROR;
295 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
299 /* Advance protocol state and call next state if we are initiator */
301 if (ctx->responder == FALSE)
302 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
310 if (ctx->responder == TRUE) {
311 /* Process the received Key Exchange 1 Payload packet from
312 the initiator. This also creates our parts of the Diffie
313 Hellman algorithm. */
314 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
315 NULL, NULL, NULL, NULL);
317 /* Call the Phase-2 function. This creates Diffie Hellman
318 key exchange parameters and sends our public part inside
319 Key Exhange 1 Payload to the responder. */
321 silc_ske_initiator_phase_2(ctx->ske,
324 silc_server_protocol_ke_send_packet,
328 if (status != SILC_SKE_STATUS_OK) {
329 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
331 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
334 protocol->state = SILC_PROTOCOL_STATE_ERROR;
335 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
339 /* Advance protocol state and call the next state if we are responder */
341 if (ctx->responder == TRUE)
342 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
350 if (ctx->responder == TRUE) {
351 /* This creates the key exchange material and sends our
352 public parts to the initiator inside Key Exchange 2 Payload. */
354 silc_ske_responder_finish(ctx->ske,
355 server->public_key, server->private_key,
356 SILC_SKE_PK_TYPE_SILC,
357 silc_server_protocol_ke_send_packet,
360 /* Finish the protocol. This verifies the Key Exchange 2 payload
361 sent by responder. */
362 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
363 NULL, NULL, NULL, NULL);
366 if (status != SILC_SKE_STATUS_OK) {
367 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
369 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
372 protocol->state = SILC_PROTOCOL_STATE_ERROR;
373 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
377 /* Send Ok to the other end. We will end the protocol as responder
378 sends Ok to us when we will take the new keys into use. */
379 if (ctx->responder == FALSE)
380 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
382 /* End the protocol on the next round */
383 protocol->state = SILC_PROTOCOL_STATE_END;
387 case SILC_PROTOCOL_STATE_END:
392 SilcSKEKeyMaterial *keymat;
393 int key_len = silc_cipher_get_key_len(ctx->ske->prop->cipher);
394 int hash_len = ctx->ske->prop->hash->hash->hash_len;
396 /* Process the key material */
397 keymat = silc_calloc(1, sizeof(*keymat));
398 status = silc_ske_process_key_material(ctx->ske, 16, key_len, hash_len,
400 if (status != SILC_SKE_STATUS_OK) {
401 protocol->state = SILC_PROTOCOL_STATE_ERROR;
402 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
403 silc_ske_free_key_material(keymat);
406 ctx->keymat = keymat;
408 /* Send Ok to the other end if we are responder. If we are initiator
409 we have sent this already. */
410 if (ctx->responder == TRUE)
411 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
413 /* Unregister the timeout task since the protocol has ended.
414 This was the timeout task to be executed if the protocol is
415 not completed fast enough. */
416 if (ctx->timeout_task)
417 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
419 /* Call the final callback */
420 if (protocol->final_callback)
421 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
423 silc_protocol_free(protocol);
427 case SILC_PROTOCOL_STATE_ERROR:
432 /* Send abort notification */
433 silc_ske_abort(ctx->ske, ctx->ske->status,
434 silc_server_protocol_ke_send_packet,
437 /* Unregister the timeout task since the protocol has ended.
438 This was the timeout task to be executed if the protocol is
439 not completed fast enough. */
440 if (ctx->timeout_task)
441 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
443 /* On error the final callback is always called. */
444 if (protocol->final_callback)
445 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
447 silc_protocol_free(protocol);
450 case SILC_PROTOCOL_STATE_FAILURE:
452 * We have received failure from remote
455 /* Unregister the timeout task since the protocol has ended.
456 This was the timeout task to be executed if the protocol is
457 not completed fast enough. */
458 if (ctx->timeout_task)
459 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
461 /* On error the final callback is always called. */
462 if (protocol->final_callback)
463 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
465 silc_protocol_free(protocol);
468 case SILC_PROTOCOL_STATE_UNKNOWN:
474 * Connection Authentication protocol functions
478 silc_server_password_authentication(SilcServer server, char *auth1,
481 if (!auth1 || !auth2)
484 if (!memcmp(auth1, auth2, strlen(auth1)))
491 silc_server_public_key_authentication(SilcServer server,
492 SilcPublicKey pub_key,
501 if (!pub_key || !sign)
504 silc_pkcs_alloc(pub_key->name, &pkcs);
505 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
506 silc_pkcs_free(pkcs);
510 /* Make the authentication data. Protocol says it is HASH plus
512 len = ske->hash_len + ske->start_payload_copy->len;
513 auth = silc_buffer_alloc(len);
514 silc_buffer_pull_tail(auth, len);
515 silc_buffer_format(auth,
516 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
517 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
518 ske->start_payload_copy->len),
521 /* Verify signature */
522 if (silc_pkcs_verify(pkcs, sign, sign_len, auth->data, auth->len)) {
523 silc_pkcs_free(pkcs);
524 silc_buffer_free(auth);
528 silc_pkcs_free(pkcs);
529 silc_buffer_free(auth);
534 silc_server_get_public_key_auth(SilcServer server,
535 SilcPublicKey pub_key,
536 unsigned char *auth_data,
537 uint32 *auth_data_len,
547 silc_pkcs_alloc(pub_key->name, &pkcs);
548 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
549 silc_pkcs_free(pkcs);
553 /* Make the authentication data. Protocol says it is HASH plus
555 len = ske->hash_len + ske->start_payload_copy->len;
556 auth = silc_buffer_alloc(len);
557 silc_buffer_pull_tail(auth, len);
558 silc_buffer_format(auth,
559 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
560 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
561 ske->start_payload_copy->len),
564 if (silc_pkcs_sign(pkcs, auth->data, auth->len, auth_data, auth_data_len)) {
565 silc_pkcs_free(pkcs);
566 silc_buffer_free(auth);
570 silc_pkcs_free(pkcs);
571 silc_buffer_free(auth);
575 /* Performs connection authentication protocol. If responder, we
576 authenticate the remote data received. If initiator, we will send
577 authentication data to the remote end. */
579 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
581 SilcProtocol protocol = (SilcProtocol)context;
582 SilcServerConnAuthInternalContext *ctx =
583 (SilcServerConnAuthInternalContext *)protocol->context;
584 SilcServer server = (SilcServer)ctx->server;
586 SILC_LOG_DEBUG(("Start"));
588 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
589 protocol->state = SILC_PROTOCOL_STATE_START;
591 SILC_LOG_DEBUG(("State=%d", protocol->state));
593 switch(protocol->state) {
594 case SILC_PROTOCOL_STATE_START:
600 if (ctx->responder == TRUE) {
602 * We are receiving party
607 unsigned char *auth_data = NULL;
609 SILC_LOG_INFO(("Performing authentication protocol for %s (%s)",
610 ctx->sock->hostname, ctx->sock->ip));
612 /* Parse the received authentication data packet. The received
613 payload is Connection Auth Payload. */
614 ret = silc_buffer_unformat(ctx->packet->buffer,
615 SILC_STR_UI_SHORT(&payload_len),
616 SILC_STR_UI_SHORT(&conn_type),
619 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
620 protocol->state = SILC_PROTOCOL_STATE_ERROR;
621 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
625 if (payload_len != ctx->packet->buffer->len) {
626 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
627 protocol->state = SILC_PROTOCOL_STATE_ERROR;
628 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
634 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
635 conn_type > SILC_SOCKET_TYPE_ROUTER) {
636 SILC_LOG_ERROR(("Bad connection type %d", conn_type));
637 protocol->state = SILC_PROTOCOL_STATE_ERROR;
638 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
642 if (payload_len > 0) {
643 /* Get authentication data */
644 silc_buffer_pull(ctx->packet->buffer, 4);
645 ret = silc_buffer_unformat(ctx->packet->buffer,
646 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
650 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
651 protocol->state = SILC_PROTOCOL_STATE_ERROR;
652 protocol->execute(server->timeout_queue, 0,
653 protocol, fd, 0, 300000);
659 * Check the remote connection type and make sure that we have
660 * configured this connection. If we haven't allowed this connection
661 * the authentication must be failed.
664 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
666 /* Remote end is client */
667 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
668 SilcServerConfigSectionClientConnection *client = NULL;
669 client = silc_server_config_find_client_conn(server->config,
673 client = silc_server_config_find_client_conn(server->config,
678 switch(client->auth_meth) {
680 /* No authentication required */
681 SILC_LOG_DEBUG(("No authentication required"));
684 case SILC_AUTH_PASSWORD:
685 /* Password authentication */
686 SILC_LOG_DEBUG(("Password authentication"));
687 ret = silc_server_password_authentication(server, auth_data,
693 /* Authentication failed */
694 SILC_LOG_ERROR(("Authentication failed"));
695 SILC_LOG_DEBUG(("Authentication failed"));
696 silc_free(auth_data);
697 protocol->state = SILC_PROTOCOL_STATE_ERROR;
698 protocol->execute(server->timeout_queue, 0,
699 protocol, fd, 0, 300000);
703 case SILC_AUTH_PUBLIC_KEY:
704 /* Public key authentication */
705 SILC_LOG_DEBUG(("Public key authentication"));
706 ret = silc_server_public_key_authentication(server,
715 SILC_LOG_ERROR(("Authentication failed"));
716 SILC_LOG_DEBUG(("Authentication failed"));
717 silc_free(auth_data);
718 protocol->state = SILC_PROTOCOL_STATE_ERROR;
719 protocol->execute(server->timeout_queue, 0,
720 protocol, fd, 0, 300000);
724 SILC_LOG_DEBUG(("No configuration for remote connection"));
725 SILC_LOG_ERROR(("Remote connection not configured"));
726 SILC_LOG_ERROR(("Authentication failed"));
727 silc_free(auth_data);
728 protocol->state = SILC_PROTOCOL_STATE_ERROR;
729 protocol->execute(server->timeout_queue, 0,
730 protocol, fd, 0, 300000);
735 /* Remote end is server */
736 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
737 SilcServerConfigSectionServerConnection *serv = NULL;
738 serv = silc_server_config_find_server_conn(server->config,
742 serv = silc_server_config_find_server_conn(server->config,
747 switch(serv->auth_meth) {
749 /* No authentication required */
750 SILC_LOG_DEBUG(("No authentication required"));
753 case SILC_AUTH_PASSWORD:
754 /* Password authentication */
755 SILC_LOG_DEBUG(("Password authentication"));
756 ret = silc_server_password_authentication(server, auth_data,
762 /* Authentication failed */
763 SILC_LOG_ERROR(("Authentication failed"));
764 SILC_LOG_DEBUG(("Authentication failed"));
765 silc_free(auth_data);
766 protocol->state = SILC_PROTOCOL_STATE_ERROR;
767 protocol->execute(server->timeout_queue, 0,
768 protocol, fd, 0, 300000);
772 case SILC_AUTH_PUBLIC_KEY:
773 /* Public key authentication */
774 SILC_LOG_DEBUG(("Public key authentication"));
775 ret = silc_server_public_key_authentication(server,
784 SILC_LOG_ERROR(("Authentication failed"));
785 SILC_LOG_DEBUG(("Authentication failed"));
786 silc_free(auth_data);
787 protocol->state = SILC_PROTOCOL_STATE_ERROR;
788 protocol->execute(server->timeout_queue, 0,
789 protocol, fd, 0, 300000);
793 SILC_LOG_DEBUG(("No configuration for remote connection"));
794 SILC_LOG_ERROR(("Remote connection not configured"));
795 SILC_LOG_ERROR(("Authentication failed"));
796 protocol->state = SILC_PROTOCOL_STATE_ERROR;
797 protocol->execute(server->timeout_queue, 0,
798 protocol, fd, 0, 300000);
799 silc_free(auth_data);
804 /* Remote end is router */
805 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
806 SilcServerConfigSectionServerConnection *serv = NULL;
807 serv = silc_server_config_find_router_conn(server->config,
811 serv = silc_server_config_find_router_conn(server->config,
816 switch(serv->auth_meth) {
818 /* No authentication required */
819 SILC_LOG_DEBUG(("No authentication required"));
822 case SILC_AUTH_PASSWORD:
823 /* Password authentication */
824 SILC_LOG_DEBUG(("Password authentication"));
825 ret = silc_server_password_authentication(server, auth_data,
831 /* Authentication failed */
832 SILC_LOG_ERROR(("Authentication failed"));
833 SILC_LOG_DEBUG(("Authentication failed"));
834 silc_free(auth_data);
835 protocol->state = SILC_PROTOCOL_STATE_ERROR;
836 protocol->execute(server->timeout_queue, 0,
837 protocol, fd, 0, 300000);
841 case SILC_AUTH_PUBLIC_KEY:
842 /* Public key authentication */
843 SILC_LOG_DEBUG(("Public key authentication"));
844 ret = silc_server_public_key_authentication(server,
853 SILC_LOG_ERROR(("Authentication failed"));
854 SILC_LOG_DEBUG(("Authentication failed"));
855 silc_free(auth_data);
856 protocol->state = SILC_PROTOCOL_STATE_ERROR;
857 protocol->execute(server->timeout_queue, 0,
858 protocol, fd, 0, 300000);
862 SILC_LOG_DEBUG(("No configuration for remote connection"));
863 SILC_LOG_ERROR(("Remote connection not configured"));
864 SILC_LOG_ERROR(("Authentication failed"));
865 silc_free(auth_data);
866 protocol->state = SILC_PROTOCOL_STATE_ERROR;
867 protocol->execute(server->timeout_queue, 0,
868 protocol, fd, 0, 300000);
873 silc_free(auth_data);
875 /* Save connection type. This is later used to create the
876 ID for the connection. */
877 ctx->conn_type = conn_type;
879 /* Advance protocol state. */
880 protocol->state = SILC_PROTOCOL_STATE_END;
881 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
885 * We are initiator. We are authenticating ourselves to a
886 * remote server. We will send the authentication data to the
887 * other end for verify.
891 unsigned char *auth_data = NULL;
892 uint32 auth_data_len = 0;
894 switch(ctx->auth_meth) {
896 /* No authentication required */
899 case SILC_AUTH_PASSWORD:
900 /* Password authentication */
901 if (ctx->auth_data && ctx->auth_data_len) {
902 auth_data = strdup(ctx->auth_data);
903 auth_data_len = ctx->auth_data_len;
908 case SILC_AUTH_PUBLIC_KEY:
910 unsigned char sign[1024];
912 /* Public key authentication */
913 silc_server_get_public_key_auth(server, ctx->auth_data,
914 sign, &auth_data_len,
916 auth_data = silc_calloc(auth_data_len, sizeof(*auth_data));
917 memcpy(auth_data, sign, auth_data_len);
922 payload_len = 4 + auth_data_len;
923 packet = silc_buffer_alloc(payload_len);
924 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
925 silc_buffer_format(packet,
926 SILC_STR_UI_SHORT(payload_len),
927 SILC_STR_UI_SHORT(server->server_type
929 SILC_SOCKET_TYPE_SERVER :
930 SILC_SOCKET_TYPE_ROUTER),
931 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
934 /* Send the packet to server */
935 silc_server_packet_send(server, ctx->sock,
936 SILC_PACKET_CONNECTION_AUTH, 0,
937 packet->data, packet->len, TRUE);
940 memset(auth_data, 0, auth_data_len);
941 silc_free(auth_data);
943 silc_buffer_free(packet);
945 /* Next state is end of protocol */
946 protocol->state = SILC_PROTOCOL_STATE_END;
951 case SILC_PROTOCOL_STATE_END:
958 SILC_PUT32_MSB(SILC_AUTH_OK, ok);
960 /* Authentication successful */
961 silc_server_packet_send(server, ctx->sock, SILC_PACKET_SUCCESS,
964 /* Unregister the timeout task since the protocol has ended.
965 This was the timeout task to be executed if the protocol is
966 not completed fast enough. */
967 if (ctx->timeout_task)
968 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
970 /* Protocol has ended, call the final callback */
971 if (protocol->final_callback)
972 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
974 silc_protocol_free(protocol);
977 case SILC_PROTOCOL_STATE_ERROR:
980 * Error. Send notify to remote.
982 unsigned char error[4];
984 SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
986 /* Authentication failed */
987 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
990 /* Unregister the timeout task since the protocol has ended.
991 This was the timeout task to be executed if the protocol is
992 not completed fast enough. */
993 if (ctx->timeout_task)
994 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
996 /* On error the final callback is always called. */
997 if (protocol->final_callback)
998 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1000 silc_protocol_free(protocol);
1004 case SILC_PROTOCOL_STATE_FAILURE:
1006 * We have received failure from remote
1009 /* Unregister the timeout task since the protocol has ended.
1010 This was the timeout task to be executed if the protocol is
1011 not completed fast enough. */
1012 if (ctx->timeout_task)
1013 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
1015 /* On error the final callback is always called. */
1016 if (protocol->final_callback)
1017 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1019 silc_protocol_free(protocol);
1022 case SILC_PROTOCOL_STATE_UNKNOWN:
1028 * Re-key protocol routines
1031 /* Actually takes the new keys into use. */
1034 silc_server_protocol_rekey_validate(SilcServer server,
1035 SilcServerRekeyInternalContext *ctx,
1036 SilcIDListData idata,
1037 SilcSKEKeyMaterial *keymat,
1040 if (ctx->responder == TRUE) {
1042 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
1043 keymat->enc_key_len);
1044 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
1046 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
1047 keymat->enc_key_len);
1048 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
1052 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
1053 keymat->enc_key_len);
1054 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
1056 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
1057 keymat->enc_key_len);
1058 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
1063 silc_hmac_alloc(idata->hmac_send->hmac->name, NULL, &idata->hmac_send);
1064 silc_hmac_set_key(idata->hmac_send, keymat->hmac_key,
1065 keymat->hmac_key_len);
1067 silc_hmac_free(idata->hmac_receive);
1068 idata->hmac_receive = idata->hmac_send;
1071 /* Save the current sending encryption key */
1073 memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len);
1074 silc_free(idata->rekey->send_enc_key);
1075 idata->rekey->send_enc_key =
1076 silc_calloc(keymat->enc_key_len / 8,
1077 sizeof(*idata->rekey->send_enc_key));
1078 memcpy(idata->rekey->send_enc_key, keymat->send_enc_key,
1079 keymat->enc_key_len / 8);
1080 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
1084 /* This function actually re-generates (when not using PFS) the keys and
1085 takes them into use. */
1087 void silc_server_protocol_rekey_generate(SilcServer server,
1088 SilcServerRekeyInternalContext *ctx,
1091 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1092 SilcSKEKeyMaterial *keymat;
1093 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1094 uint32 hash_len = idata->hash->hash->hash_len;
1096 SILC_LOG_DEBUG(("Generating new %s session keys (no PFS)",
1097 send ? "sending" : "receiving"));
1099 /* Generate the new key */
1100 keymat = silc_calloc(1, sizeof(*keymat));
1101 silc_ske_process_key_material_data(idata->rekey->send_enc_key,
1102 idata->rekey->enc_key_len,
1103 16, key_len, hash_len,
1104 idata->hash, keymat);
1106 /* Set the keys into use */
1107 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1109 silc_ske_free_key_material(keymat);
1112 /* This function actually re-generates (with PFS) the keys and
1113 takes them into use. */
1116 silc_server_protocol_rekey_generate_pfs(SilcServer server,
1117 SilcServerRekeyInternalContext *ctx,
1120 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1121 SilcSKEKeyMaterial *keymat;
1122 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1123 uint32 hash_len = idata->hash->hash->hash_len;
1124 unsigned char *tmpbuf;
1127 SILC_LOG_DEBUG(("Generating new %s session keys (with PFS)",
1128 send ? "sending" : "receiving"));
1130 /* Encode KEY to binary data */
1131 tmpbuf = silc_mp_mp2bin(ctx->ske->KEY, 0, &klen);
1133 /* Generate the new key */
1134 keymat = silc_calloc(1, sizeof(*keymat));
1135 silc_ske_process_key_material_data(tmpbuf, klen, 16, key_len, hash_len,
1136 idata->hash, keymat);
1138 /* Set the keys into use */
1139 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1141 memset(tmpbuf, 0, klen);
1143 silc_ske_free_key_material(keymat);
1146 /* Packet sending callback. This function is provided as packet sending
1147 routine to the Key Exchange functions. */
1150 silc_server_protocol_rekey_send_packet(SilcSKE ske,
1152 SilcPacketType type,
1155 SilcProtocol protocol = (SilcProtocol)context;
1156 SilcServerRekeyInternalContext *ctx =
1157 (SilcServerRekeyInternalContext *)protocol->context;
1158 SilcServer server = (SilcServer)ctx->server;
1160 /* Send the packet immediately */
1161 silc_server_packet_send(server, ctx->sock,
1162 type, 0, packet->data, packet->len, FALSE);
1165 /* Performs re-key as defined in the SILC protocol specification. */
1167 SILC_TASK_CALLBACK(silc_server_protocol_rekey)
1169 SilcProtocol protocol = (SilcProtocol)context;
1170 SilcServerRekeyInternalContext *ctx =
1171 (SilcServerRekeyInternalContext *)protocol->context;
1172 SilcServer server = (SilcServer)ctx->server;
1173 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1174 SilcSKEStatus status;
1176 SILC_LOG_DEBUG(("Start"));
1178 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
1179 protocol->state = SILC_PROTOCOL_STATE_START;
1181 SILC_LOG_DEBUG(("State=%d", protocol->state));
1183 switch(protocol->state) {
1184 case SILC_PROTOCOL_STATE_START:
1190 if (ctx->responder == TRUE) {
1192 * We are receiving party
1195 if (ctx->pfs == TRUE) {
1197 * Use Perfect Forward Secrecy, ie. negotiate the key material
1198 * using the SKE protocol.
1201 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_1) {
1202 /* Error in protocol */
1203 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1204 protocol->execute(server->timeout_queue, 0, protocol, fd,
1208 ctx->ske = silc_ske_alloc();
1209 ctx->ske->rng = server->rng;
1210 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1211 silc_ske_get_group_by_number(idata->rekey->ske_group,
1212 &ctx->ske->prop->group);
1214 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
1215 NULL, NULL, NULL, NULL);
1216 if (status != SILC_SKE_STATUS_OK) {
1217 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1220 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1221 protocol->execute(server->timeout_queue, 0,
1222 protocol, fd, 0, 300000);
1226 /* Advance the protocol state */
1228 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
1231 * Do normal and simple re-key.
1234 /* Send the REKEY_DONE to indicate we will take new keys into use */
1235 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1238 /* After we send REKEY_DONE we must set the sending encryption
1239 key to the new key since all packets after this packet must
1240 encrypted with the new key. */
1241 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1243 /* The protocol ends in next stage. */
1244 protocol->state = SILC_PROTOCOL_STATE_END;
1249 * We are the initiator of this protocol
1252 /* Start the re-key by sending the REKEY packet */
1253 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY,
1256 if (ctx->pfs == TRUE) {
1258 * Use Perfect Forward Secrecy, ie. negotiate the key material
1259 * using the SKE protocol.
1261 ctx->ske = silc_ske_alloc();
1262 ctx->ske->rng = server->rng;
1263 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1264 silc_ske_get_group_by_number(idata->rekey->ske_group,
1265 &ctx->ske->prop->group);
1268 silc_ske_initiator_phase_2(ctx->ske, NULL, NULL,
1269 silc_server_protocol_rekey_send_packet,
1272 if (status != SILC_SKE_STATUS_OK) {
1273 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1276 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1277 protocol->execute(server->timeout_queue, 0,
1278 protocol, fd, 0, 300000);
1282 /* Advance the protocol state */
1286 * Do normal and simple re-key.
1289 /* Send the REKEY_DONE to indicate we will take new keys into use
1291 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1294 /* After we send REKEY_DONE we must set the sending encryption
1295 key to the new key since all packets after this packet must
1296 encrypted with the new key. */
1297 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1299 /* The protocol ends in next stage. */
1300 protocol->state = SILC_PROTOCOL_STATE_END;
1308 * Second state, used only when oding re-key with PFS.
1310 if (ctx->responder == TRUE) {
1311 if (ctx->pfs == TRUE) {
1313 * Send our KE packe to the initiator now that we've processed
1314 * the initiator's KE packet.
1317 silc_ske_responder_finish(ctx->ske, NULL, NULL,
1318 SILC_SKE_PK_TYPE_SILC,
1319 silc_server_protocol_rekey_send_packet,
1322 if (status != SILC_SKE_STATUS_OK) {
1323 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1326 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1327 protocol->execute(server->timeout_queue, 0,
1328 protocol, fd, 0, 300000);
1334 if (ctx->pfs == TRUE) {
1336 * The packet type must be KE packet
1338 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_2) {
1339 /* Error in protocol */
1340 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1341 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
1344 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
1345 NULL, NULL, NULL, NULL);
1346 if (status != SILC_SKE_STATUS_OK) {
1347 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1350 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1351 protocol->execute(server->timeout_queue, 0,
1352 protocol, fd, 0, 300000);
1358 /* Send the REKEY_DONE to indicate we will take new keys into use
1360 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1363 /* After we send REKEY_DONE we must set the sending encryption
1364 key to the new key since all packets after this packet must
1365 encrypted with the new key. */
1366 silc_server_protocol_rekey_generate_pfs(server, ctx, TRUE);
1368 /* The protocol ends in next stage. */
1369 protocol->state = SILC_PROTOCOL_STATE_END;
1372 case SILC_PROTOCOL_STATE_END:
1377 if (ctx->packet->type != SILC_PACKET_REKEY_DONE) {
1378 /* Error in protocol */
1379 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1380 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
1383 /* We received the REKEY_DONE packet and all packets after this is
1384 encrypted with the new key so set the decryption key to the new key */
1385 silc_server_protocol_rekey_generate(server, ctx, FALSE);
1387 /* Protocol has ended, call the final callback */
1388 if (protocol->final_callback)
1389 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1391 silc_protocol_free(protocol);
1394 case SILC_PROTOCOL_STATE_ERROR:
1399 if (ctx->pfs == TRUE) {
1400 /* Send abort notification */
1401 silc_ske_abort(ctx->ske, ctx->ske->status,
1402 silc_server_protocol_ke_send_packet,
1406 /* On error the final callback is always called. */
1407 if (protocol->final_callback)
1408 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1410 silc_protocol_free(protocol);
1413 case SILC_PROTOCOL_STATE_FAILURE:
1415 * We have received failure from remote
1418 /* On error the final callback is always called. */
1419 if (protocol->final_callback)
1420 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1422 silc_protocol_free(protocol);
1425 case SILC_PROTOCOL_STATE_UNKNOWN:
1431 /* Registers protocols used in server. */
1433 void silc_server_protocols_register(void)
1435 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1436 silc_server_protocol_connection_auth);
1437 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1438 silc_server_protocol_key_exchange);
1439 silc_protocol_register(SILC_PROTOCOL_SERVER_REKEY,
1440 silc_server_protocol_rekey);
1443 /* Unregisters protocols */
1445 void silc_server_protocols_unregister(void)
1447 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1448 silc_server_protocol_connection_auth);
1449 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1450 silc_server_protocol_key_exchange);
1451 silc_protocol_unregister(SILC_PROTOCOL_SERVER_REKEY,
1452 silc_server_protocol_rekey);